Return-Path: Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: (qmail 97180 invoked from network); 3 Mar 2010 17:28:55 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 3 Mar 2010 17:28:55 -0000 Received: (qmail 55488 invoked by uid 500); 3 Mar 2010 17:28:47 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 55456 invoked by uid 500); 3 Mar 2010 17:28:47 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 55448 invoked by uid 99); 3 Mar 2010 17:28:47 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Mar 2010 17:28:47 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Mar 2010 17:28:47 +0000 Received: from brutus.apache.org (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 3734D234C4BC for ; Wed, 3 Mar 2010 17:28:27 +0000 (UTC) Message-ID: <85387005.39881267637307225.JavaMail.jira@brutus.apache.org> Date: Wed, 3 Mar 2010 17:28:27 +0000 (UTC) From: "Owen O'Malley (JIRA)" To: common-issues@hadoop.apache.org Subject: [jira] Commented: (HADOOP-6603) Provide workaround for issue with Kerberos not resolving cross-realm principal In-Reply-To: <924517533.47301267493525772.JavaMail.jira@brutus.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12840745#action_12840745 ] Owen O'Malley commented on HADOOP-6603: --------------------------------------- I don't think that the check to make sure the 2 component of the krbtgt is the realm is necessary. Other than that, it looks good. > Provide workaround for issue with Kerberos not resolving cross-realm principal > ------------------------------------------------------------------------------ > > Key: HADOOP-6603 > URL: https://issues.apache.org/jira/browse/HADOOP-6603 > Project: Hadoop Common > Issue Type: Bug > Components: security > Reporter: Jakob Homan > Attachments: HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S.patch > > > Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principles when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.